[SMB3POSIX] File attributes

Tom Talpey tom at talpey.com
Tue Nov 14 16:22:00 UTC 2023

On 11/14/2023 4:30 AM, ronnie sahlberg wrote:
> On Tue, 14 Nov 2023 at 19:16, Ralph Boehme via samba-technical
> <samba-technical at lists.samba.org> wrote:
>> On 11/13/23 18:50, Jeremy Allison wrote:
>>> On Mon, Nov 13, 2023 at 12:28:18PM +0100, Ralph Boehme wrote:
>>>> We had support for file atttributes in the CIFS UNIX extensions, this
>>>> is currently not in the spec (or code) for SMB3 POSIX.
>>>> Is this intentional? What is the reason?
>>> Do you mean the attributes listed by:
>>> man chattr.
>> yes.
>>> chattr - change file attributes on a Linux file system
>>> This was at the insitence of Steve as I recall.
>> adding Steve to the loop.
>>> We never implemented this.
>>> Might be done via a tunnelling ioctl ? Other thoughts ?
>> well, it's a rabbit hole of its own and still seem to be rarely used on
>> Linux and the BSDs. It's not POSIX anyway so just declare it out of
>> scope for now?
> Not to derail, but "chattr +i" is not a rabbithole. It is very much real.
> If you are going to set up and run bind locally on a systemd-resolved
> infected system
> you literally must use chattr +i to stop it from ruining your /etc/resolv.conf

But, does it need to be exposed to remote access? It would seem to be an
admin function, most appropriate to apply via the server-local API.

So to flip the question, does "chattr -i" (or any of the zillion others)
expose any new vulnerability if remote? Some of them look fairly juicy
targets for ransomware infiltration.


>> The Linux interface is via ioctls so doing it over the wire via SMB2
>> IOCTLs looks like a good way forward allowing us to ignore this for now
>> and possibly add it later if there's demand and resources to implement it.
>> -slow

More information about the samba-technical mailing list